Browse Source

Add files for enforced DNS

master
Pekka Helenius 3 years ago
parent
commit
fabbcd7fb5
5 changed files with 62 additions and 0 deletions
  1. +9
    -0
      anbox_files/dns_enforced/README.md
  2. +29
    -0
      anbox_files/dns_enforced/anbox-exec.sh
  3. +7
    -0
      anbox_files/dns_enforced/anbox-restart.sh
  4. +13
    -0
      anbox_files/dns_enforced/anbox-session-manager
  5. +4
    -0
      anbox_files/dns_enforced/local-iptables

+ 9
- 0
anbox_files/dns_enforced/README.md View File

@ -0,0 +1,9 @@
## Installation
`anbox-restart.sh` -> `/usr/local/bin/anbox-restart` and `chmod +x $(which anbox-restart)`
`anbox-exec` -> `/usr/local/bin/anbox-exec` and `chmod +x $(which anbox-exec)`
`anbox-session-manager` -> `/usr/local/bin/anbox-session-manager` and `chmod +x $(which anbox-session-manager)`
`local-iptables` -> apply rules to your iptables, or allow DNS for `anbox0` interface by other means

+ 29
- 0
anbox_files/dns_enforced/anbox-exec.sh View File

@ -0,0 +1,29 @@
#!/bin/sh
DNS_LOCAL="192.168.250.1.53"
if [ "$(id -u)" -ne 0 ]; then
echo "ERROR: You need to run this script as root!"
exit 1
fi
CONTAINER_PATH="$SNAP_COMMON/containers"
CONTAINER_NAME=default
if [ -z "$SNAP" ] ; then
CONTAINER_PATH=/var/lib/anbox/containers
fi
state=$(lxc-info -P "$CONTAINER_PATH" -n "$CONTAINER_NAME" -s | cut -d':' -f 2 | tr -d '[:space:]')
if [ "$state" != "RUNNING" ] ; then
echo "ERROR: Cannot attach to container as it is not running"
exit 1
fi
exec lxc-attach \
-P "$CONTAINER_PATH" \
-n "$CONTAINER_NAME" \
--clear-env -- \
/system/bin/sh -c \
"/system/bin/iptables -t nat -A OUTPUT -o eth0 -p tcp -m tcp --dport 53 -j DNAT --to-destination ${DNS_LOCAL}
/system/bin/iptables -t nat -A OUTPUT -o eth0 -p udp -m udp --dport 53 -j DNAT --to-destination ${DNS_LOCAL}"

+ 7
- 0
anbox_files/dns_enforced/anbox-restart.sh View File

@ -0,0 +1,7 @@
#!/bin/env bash
sudo systemctl restart anbox-container-manager.service
sleep 2
systemctl --user restart anbox-session-manager
sleep 2
sudo anbox-exec

+ 13
- 0
anbox_files/dns_enforced/anbox-session-manager View File

@ -0,0 +1,13 @@
#!/bin/env bash
# This is a simple wrapper workaround. If we launch Anbox session manager before a desktop/Xorg session,
# the session simply fails to launch, complaining about insufficient drm permissions (permission denied 13)
# in a Xorg log file.
# Use this script as start-up program in your desktop session start-up application menu. It ensures that
# Xorg session starts BEFORE Anbox session manager, and both succeed to launch.
if [[ $(systemctl is-active anbox-container-manager.service) ]]; then
systemctl --user start anbox-session-manager
anbox-exec
fi

+ 4
- 0
anbox_files/dns_enforced/local-iptables View File

@ -0,0 +1,4 @@
# These rules apply to a local DNS server, running on the same computer than Anbox
-A INPUT -i anbox0 -p tcp --dport 53 -j ACCEPT
-A INPUT -i anbox0 -p udp --dport 53 -j ACCEPT

Loading…
Cancel
Save